[pcap-ng-format] Does anyone actually generate the epb_hash field today?
Jasper Bongertz
jasper at packet-foo.com
Thu Aug 27 15:27:58 UTC 2015
on Donnerstag, 27. August 2015 at 17:05 you wrote:
> Howdy,
> I'm not suggesting we get rid of the option, but does any code out
> there actually generate the EPB's epb_hash option?
not mine - I was thinking about it but saw no real use for it. Anyone
modifying the packet contents can always recalculate the hash, so it's
not protecting against tampering with the packet. And protection
against file damage seems a bit unspectacular as well. Packet
comparison also seems far-fetched as you'll almost never run into the
situation of comparing packets from the exact same capture.
> I have not found any code which does, and it's under-specified in
> terms of what the "algorithms" cover and how their values are encoded.
> (and some of the algorithms seem ludicrous to me - in particular the
> 2's complement and XOR "algorithms")
Agree on 2's complement and XOR; not useful at all.
> I propose we remove them from the draft, but reserve their number
> codes (not re-use them) just in case.
I have no real objection; I wouldn't mind keeping the real ones (MD5,
SHA) either. As you said we should reserve the number codes at least.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4015 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.winpcap.org/pipermail/pcap-ng-format/attachments/20150827/c5355176/attachment.bin>
More information about the pcap-ng-format
mailing list